We all use Snapchat and we all don’t like people taking screenshots of our sent pictures. But what if someone else could see everything you do on your smartphone without you knowing it? Last Thursday researchers discovered that Apple allowed Uber to record a user’s iPhone screen, even if you were not using the Uber app, to improve the functionality between the Uber’s app and the Apple Watch.
This is not the first time Apple has been involved in a case concerning the privacy of applications. Until iOS 9, apps were able to scan which other apps were installed on the device. Developers used a API that originally was created as a tool for communication between apps to discover which other apps were installed. In particular, Facebook and Twitter used this API for targeting ads. After privacy concerns, Apple decided to change its privacy policy and removed this particular functionality of the API.
Now Apple faces again privacy concerns. But this time it is different. It appears that Apple gave Uber an exclusive permission to use a function which records the user’s iPhone screen. As Apple wanted to extent the functions of the Apple Watch, they helped Uber launching a compatible Apple Watch app back in 2015. Therefore, they considered Uber as a trusted developer and gave them special permissions.
So, how does it work? Apple allowed Uber to use a piece of code, called an ‘entitlement’. This piece of code can only be used by Apple’s explicit permission and no other app developer is entitled to use this. Entitlement is not intended to use for screen recordings, but it could be used to control each color of each pixel of your screen. With this information, Uber was able to draw the screen and potentially see what the user was doing. Even more striking, they could have potentially see your passwords.
Uber explained that they did not used this functionality to record the user’s screen and only used it for map rendering. But concerning the recent revelations about Uber’s spy program ‘Hell’ which gave them the ability to see where the competitor Lyft’s drivers were driving, do we trust them? We all love the functionality of Uber, but do they need to get this far in order to gain more customers and track down competitors? What do you think?
References:
Conger, K. (2017, October 5). Researchers: Uber’s iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen. Retrieved October 6, 2017, from https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235
Hook, L. (2017, September 8). Uber confirms FBI probe of ‘Hell’ tracker programme. Retrieved October 6, 2017, from https://www.ft.com/content/f2482242-94a6-11e7-a9e6-11d2f0ebb7f0
Kriel, C. (2015, June 25). Apple steps up user privacy in iOS 9, prevents apps from scanning for other installed apps. Retrieved October 6, 2017, from https://siliconangle.com/blog/2015/06/25/apple-steps-up-user-privacy-in-ios-9-prevents-apps-from-scanning-for-other-installed-apps/
Hey Niels,
Great post. Indeed this issue becomes more and more relevant nowadays, and the sad part is.. people don’t actually care. Today it’s more important for people to get convenience than to keep their privacy online. Social media channels like Facebook and Linkedin can already make many predictions based on the data they have. Linkedin for instance has a data scientist team that focuses on predicting one’s future career path based on one’s activity on the platform – and they are getting more accurate everyday. Is that creepy? Do people feel comfortable about that? Here’s the thing: it’s already happening, and the only way to stop the data flow is to stop people using social media and other online sources. Given the current rates of adoption, it’s safe to say that’s not going to happen any time soon.
I personally think that it’s time for people to realize what is happening first and then decide whether this bothers them or not, only then we can think of a solution.
Interesting post Niels. It is somewhat concerning that large companies such as Uber are not only tracking our whereabouts, but also being able to see everything we do on our screen. I can imagine it is difficult for regulators to keep up with technology in this aspect, as they dont have the resources to do a due diligence that is as in-depth as one that Apple may be able to carry out as it is in regards to their own product. It will be interesting to see if Uber is further penalized on this moving forward.